
When installing ClamAV from EPEL to CentOS/Red Hat 7 becomes a nightmare…

Installing ClamAV from EPEL 7 on CentOS/Red Hat 7 is a little more challenging than the simple setup used on CentOS 6/Red Hat 6. The problem isn’t really the installation itself, but the way things are documented and what you really need to do to use ClamAV.

You can find a lot of bad information on the Internet that only complicates things (perhaps this post will add more incorrect information…). But when you know how to install it, it can be done quickly, smoothly and without difficulty. The complication comes from the proliferation of packages that need to be installed and, as always with EPEL, the missing/lost documentation on how the packages were made.

This post suggests a working solution that can be used to start from scratch with a new installation.

Part of the answer can be found in the lost manual:

more /usr/share/doc/clamav-server-*/README

1 – Install EPEL 7

After you’ve successfully installed your operating system and applied all the updates, you can install the EPEL 7 repository by running this command:

yum install epel-release

2 – Install and configure the ClamAV packages

yum install clamav clamav-scanner-systemd

Yes, that’s enough. Installing these packages pulls in all the other required packages as dependencies.

Create a symbolic link from the default configuration file path to the clamd@scan configuration file (read the comments for more information):

ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

Edit the configuration installed by the clamd-scanner package:

vi /etc/clamd.d/scan.conf

Comment out the Example line:

#Example

Uncomment the LocalSocket config line to enable it:

LocalSocket /var/run/clamd.scan/clamd.sock

Save and quit the text editor.

3 – Turn on the SELinux boolean for antivirus

setsebool -P antivirus_can_scan_system 1

4 – Start the service and enable it at boot

systemctl start clamd@scan
systemctl enable clamd@scan

5 – Install and configure the ClamAV updater

To automatically get the latest virus updates, you need to install the binary used for this task:

yum install clamav-update

Edit the configuration file:

vi /etc/freshclam.conf

Comment out the Example line:

#Example

Edit the second configuration file (in sysconfig):

vi /etc/sysconfig/freshclam

Comment out this line so that you can use crontab (updates are disabled by default):

#FRESHCLAM_DELAY=disabled-warn

Save the files, quit the text editor and run the command “freshclam” to update the virus database. If needed, you can add a crontab entry to run it regularly.

6 – Test your installation

clamdscan --fdpass /var/log/*

Always use the --fdpass option so that clamdscan has the correct permissions to scan the files. In some cases the first check may fail after the installation; a simple reboot can solve this issue.
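
The edits from steps 2 and 5 are easy to miss on one of the three files, so here is a small audit script for them. It is an added example, not part of the original post or of the ClamAV packages; the function names has_active and audit_clamav are made up for this example, and the default paths are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the edits from steps 2 and 5.
# Function names are hypothetical; default paths are the ones used in this post.

# has_active KEY FILE: succeeds if FILE has an uncommented line starting with KEY.
has_active() {
    grep -Eq "^[[:space:]]*$1([[:space:]=]|\$)" "$2"
}

# audit_clamav [SCAN_CONF] [FRESHCLAM_CONF] [SYSCONFIG]
# Prints one line per problem and returns the number of problems found.
audit_clamav() {
    local scan="${1:-/etc/clamd.d/scan.conf}"
    local fresh="${2:-/etc/freshclam.conf}"
    local sysc="${3:-/etc/sysconfig/freshclam}"
    local problems=0 f

    for f in "$scan" "$fresh" "$sysc"; do
        if [ ! -r "$f" ]; then
            echo "MISSING: $f is not readable"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] || return "$problems"

    # clamd and freshclam refuse to start while "Example" is still active.
    for f in "$scan" "$fresh"; do
        if has_active Example "$f"; then
            echo "FAIL: 'Example' still active in $f"; problems=$((problems + 1))
        fi
    done
    # clamdscan talks to the daemon through this socket (step 2).
    if ! has_active LocalSocket "$scan"; then
        echo "FAIL: LocalSocket not enabled in $scan"; problems=$((problems + 1))
    fi
    # Step 5: this line has to be commented out before updates are scheduled.
    if has_active FRESHCLAM_DELAY "$sysc"; then
        echo "FAIL: FRESHCLAM_DELAY still set in $sysc"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the live system only when the script is run with "check" as argument.
[ "${1:-}" != check ] || audit_clamav
```

Run it as root with the argument check; an exit status of 0 means all four edits are in place. LocalSocketGroup and other keys that merely begin with LocalSocket are not mistaken for the LocalSocket line.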

I have installed many Linux boxes from FC3 – right to FC10 from 200-users mail servers, firewalls, proxy servers, samba, MailScanners working with CLAMAV and SpamAssassin and they are all still working today apart from the old upgrading of hardware and server OS…

WHAT THE HELL DID THESE PEOPLE DO TO PERFECTLY WORKING Linux Mail servers???!? I can’t even install Squirrelmail or CLAMAV without seeing important things commented out which never used to be the case, and why by Zeus’s beard do they have the word “EXAMPLE” in the middle of a config file not commented out?
I could have installed these things with my eyes closed and now I have to open them with a simple Postfix, Mailscanner, ClamAV and Spamassassin installation. I chucked Squirrelmail out the window, that sh!t just ain’t working anymore. This new Epel thing screwed everything up.

This was the ONLY piece of documentation that helped me get ClamAV installed. Thank you so much for providing ACCURATE AND HELPFUL info!!!!
No idea how to do anything with clamav to ensure its functionality but needed to install AV on the system.

Periodically, I DO try getting into Linux and would love nothing more than to get rid of all Windows systems, but crap installations, along with worthless installation instructions, like ClamAV provides makes me glad I’m too stupid for Linux.

Why can’t the installation take care of basic configuration in the first place?

With this command I get: SELinux is disabled. I use Plesk and by default it does not have SELinux enabled, so I loaded the SELinux extension in the Plesk extensions, but I again have the same error: SELinux is disabled.

Thanks for saving me many hours of trying to resolve conflicting documents and making false starts. I appreciate you taking the time to share your knowledge and simplify the install process for others!

Sorry for what may be a silly question, but by uncommenting the Checks parameter in /etc/freshclam.conf, wouldn’t freshclam perform a database automatically, without the need for a separate crontab? Is the use of a crontab preferred? Also, when I attempt to run sudo clamdscan /, I receive a lot of error messages regarding insufficient access permissions for various files. I would have assumed that by running clamdscan as root, I wouldn’t have these permissions errors.

By default, the freshclam update is disabled to avoid network access (based on official documentation). Removing this line allows freshclam to access the Internet without error, so next you can create a crontab.

Thanks for this article. It was straightforward and works fine with one minor hiccup caused by my own security configuration.

Freshclam writes its files as the user clamupdate. Clamd@scan runs as the user clamscan. I am asked to run systems with a restrictive 027 umask, so when freshclam creates the database files in /var/lib/clamav/ it makes them owned by clamupdate.clamupdate with 640 permissions instead of 644. As a result clamscan can’t read them. I added the clamscan user account into the clamupdate group, and it fixed the issue without requiring me to change my umask. If clamscan can’t read the database files it just restarts the clamd@scan service over and over and uses an impressive amount of CPU doing it.

Just posting this comment here so that others may find it if they search.

Hi,
I am using CentOS 7 and Plesk Onyx.
What settings do we need to make in order to use ClamAV as antivirus for email attachments (postfix) and on-access scanning (to protect against malicious files upload using php scripts)?

I have followed your guide and have come up with an error: “Can’t create temporary directory /car/lib/clamav/clamav-445566787.tmp.
Hint: The database directory must be writable for UID 1000 or GID 1000.” I have followed your instructions verbatim 3 times and reinstalled CentOS 7.4**** in case it was me…
I am a novice but after reading the praises from previous users here thought I will attempt this too but I am stuck now. Any help would be greatly appreciated…
James